From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gabriel.scherer@gmail.com>
X-Original-To: caml-list@sympa.inria.fr
Delivered-To: caml-list@sympa.inria.fr
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104])
	by sympa.inria.fr (Postfix) with ESMTPS id 5E2497FA1F
	for <caml-list@sympa.inria.fr>; Sat, 12 Jul 2014 14:08:14 +0200 (CEST)
Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender
  authenticity information available from domain of
  gabriel.scherer@gmail.com) identity=pra;
  client-ip=209.85.220.182;
  receiver=mail3-smtp-sop.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="gabriel.scherer@gmail.com";
  x-conformance=sidf_compatible
Received-SPF: Pass (mail3-smtp-sop.national.inria.fr: domain of
  gabriel.scherer@gmail.com designates 209.85.220.182 as
  permitted sender) identity=mailfrom;
  client-ip=209.85.220.182;
  receiver=mail3-smtp-sop.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="gabriel.scherer@gmail.com";
  x-conformance=sidf_compatible; x-record-type="v=spf1"
Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender
  authenticity information available from domain of
  postmaster@mail-vc0-f182.google.com) identity=helo;
  client-ip=209.85.220.182;
  receiver=mail3-smtp-sop.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="postmaster@mail-vc0-f182.google.com";
  x-conformance=sidf_compatible
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aq0AAL8kwVPRVdy2m2dsb2JhbABZg2BagnGsCpJEh0EBgQYIFg8BAQEBAQYLCwkUKIQDAQEBBBIRHQEbEgsBAwwGBQsNAgIJHQICIgERAQUBChIGExIQiAsBAxENoiVqiyeBcoMQiysKGScDCmSGRBEBBQ6BHo1HWAeCd4FMBYRrBZYegUqQYhgphHY7gTE
X-IPAS-Result: Aq0AAL8kwVPRVdy2m2dsb2JhbABZg2BagnGsCpJEh0EBgQYIFg8BAQEBAQYLCwkUKIQDAQEBBBIRHQEbEgsBAwwGBQsNAgIJHQICIgERAQUBChIGExIQiAsBAxENoiVqiyeBcoMQiysKGScDCmSGRBEBBQ6BHo1HWAeCd4FMBYRrBZYegUqQYhgphHY7gTE
X-IronPort-AV: E=Sophos;i="5.01,649,1400018400"; 
   d="scan'208";a="71181149"
Received: from mail-vc0-f182.google.com ([209.85.220.182])
  by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/RC4-SHA; 12 Jul 2014 14:08:06 +0200
Received: by mail-vc0-f182.google.com with SMTP id hq11so4095811vcb.41
        for <caml-list@inria.fr>; Sat, 12 Jul 2014 05:08:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type;
        bh=1NS8cdH0QW/XtVdbuHRQ5hLoaa2ySUfof58r75yCnF4=;
        b=oJxlsSdxCuKUQd+5GbTZsJdhTJ1TDzEtCgaj+nEtIpkOIpRQH9Rj2uBPM0yMO1mHaS
         FfJUOQer7inIpGBPTzdNZ8kF+HAm5pRUb1NADNyqHEcokd3L6e8fVjqKHaHhSw2NFa72
         uld+nLRgBAcQEl3ZGRC/n7BoHmJ68g3DeIgcYQRN80rLuIid7gVp2CZvy3o7IT2PFotC
         pl2MRkaY8+mDowmZ1e8z0IZ1mfa6SxzXwA6dBxTaMZ23Ojk0VngYEDSnqgM0rEEluXry
         wvix/j7rM5QlXf1lq0X6UoQhUisRvRCDZWRqTCwctWzKKZeL6sTlmuF+OtJ2Akya7HmJ
         hfqQ==
X-Received: by 10.221.55.70 with SMTP id vx6mr5103626vcb.23.1405166885244;
 Sat, 12 Jul 2014 05:08:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.178.230 with HTTP; Sat, 12 Jul 2014 05:07:25 -0700 (PDT)
In-Reply-To: <20140712132548.Horde.9ejEAoB3FJ5kFjy5PNSJ9A7@webmail.in-berlin.de>
References: <20140712132548.Horde.9ejEAoB3FJ5kFjy5PNSJ9A7@webmail.in-berlin.de>
From: Gabriel Scherer <gabriel.scherer@gmail.com>
Date: Sat, 12 Jul 2014 14:07:25 +0200
Message-ID: <CAPFanBEuVWAxDHW4iMpoHU9JddzR46062c3EAjV9tX7L+8SmLw@mail.gmail.com>
To: Oliver Bandel <oliver@first.in-berlin.de>
Cc: caml users <caml-list@inria.fr>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Caml-list] Program proof - how to do that?

I tried to (partially) answer this question in the following
StackOverflow thread:
  http://stackoverflow.com/questions/12937082/ocaml-used-in-demonstrations



On Sat, Jul 12, 2014 at 1:25 PM, Oliver Bandel
<oliver@first.in-berlin.de> wrote:
> Hello,
>
> how can program proof be done in the real world?
> What are the theoretical things needed to know?
> And how to bring together the theory and the practise?
>
> During the last some months I looked into how mathematical
> proof works, and how natural deduction works (also looked at calculus
> for natural deduction).
>
> How can this be used in the real world of (OCaml-)programming
> to make a proof on the functionality of software?
>
> There seem to be limits coming from the halting problem,
> but AFAIK with a reduced set of operations, then in this
> limited set of instructions, this problem can be circumvented.
> What are the details on this topic? What kind of operations
> can be proofed to be safe (doing what is intended),
> and which (kind of) operations would not be possible to
> become proofed?
>
> Any explanation as well as hints on literature are welcome.
>
> Ciao,
>    Oliver
>
>
>
> --
> Caml-list mailing list.  Subscription management and archives:
> https://sympa.inria.fr/sympa/arc/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs